21 Apr
2011
21 Apr
'11
9:49 p.m.
I'd say base it on OpenLDAP. As far as the password change option, one simple but effective system is the passwd.cgi script from cgipaf:
http://freshmeat.net/projects/cgipaf/
Although you already have to provide your old password to do an update, putting it behind http-basic authentication will allow you to use things like fail2ban to protect against brute forcing.
Devin